The Need for Speed: Integrated Threat Response

It’s 2018 – why are we still manually blocking firewall ports, manually ingesting threat feeds, and manually implementing blocks from well-known, trusted sources? Automation and integration allows security professionals to keep up with the pace of today’s threat landscape. The two go hand in hand but are they right for every organization?

This webcast explores the pros and cons of automation and integration, focusing on what an organization needs to consider before implementing such an approach. Most important, the webcast and associated white paper will help answer these key questions:

What would it take to manually do what automation does?
How can I protect my assets?
How do I get actionable threat intelligence?

As we move toward the halfway point in the year, it might be a good time to evaluate the effectiveness of your organization’s security posture. According to CyberEdge’s 2019 Cyberthreat Defense Report, 78% of enterprises were victimized by a successful cyberattack last year. Is your organization next?

-56% of organizations were compromised by ransomware
-45% of ransomware victims paid the ransom
-13% of a typical IT budget is spent on security
-84% of organizations are experiencing an IT security skills shortage
-Malware, ransomware, and spear-phishing cause the most headaches

Join LookingGlass’ SVP of Delivery & Support, James Carnall, and CyberEdge’s Co-founder & CEO, Steve Piper, as they review insights from CyberEdge’s sixth-annual research study. They’ll also provide answers to important questions, such as:

-What are the weakest links in current security postures?
-What’s standing in the way of IT security professionals?
-What are the hottest security technologies for 2019?

Vendors, suppliers, and independent subsidiaries are gaining more and more access to your network and sensitive data because today’s business models include outsourcing of non-mission critical programs and tasks, which brings a whole new world of risk to your organization. These not so new cyber risks make traditional perimeter defense no longer enough. Companies need continuous visibility and monitoring of their external partners threat landscapes. Use a cyber situational awareness platform that provides you with a map of your cyber risks you can identify vulnerabilities before the adversary does.

In this webinar, LookingGlass Product Manager, Brandon Dobrec and Security Ledger Editor-in-Chief, Paul Roberts will discuss what you need to assess vendors in the modern cyber environment, providing you with the right map to assess your external risk.

This webinar will answer:

- Why point-in-time scorecards are a necessary component of third party risk management, but are woefully inadequate for proactively defending against future attacks

- How a cyber situational platform delivers an outside-in view of your network, allowing you to see gaps in your network

Cyber threats are becoming more frequent and more targeted. Bad actors are more adept at social engineering and investigating your network and infrastructure to understand your organization’s cyber strengths and weaknesses. Security teams need to focus on who or what will seek to exploit them and how they are likely to do so, instead of being hyper-focused on just the threat itself.

This webinar delves into how one of the world's top financial services firms developed and implemented a robust threat model capable of repelling the world's most sophisticated hackers and nation-state actors. Join LookingGlass Product Manager, Dan Martin, and Security Ledger Editor-in-Chief, Paul Roberts for an introduction to ScoutThreat™, a threat management platform that helps security analysts streamline threat analysis work and extract the maximum value from threat intelligence.

In this webinar you will learn:
- Advantages of modeling adversaries to get ahead of threats to your IT environment
- Structuring threat models to account for a myriad of sophisticated cyber risks
- How to overcome hurdles in creating robust threat models that address real-world risks
- How ScoutThreat can help you build a proactive security posture

LookingGlass Senior Vice President of Product, Eric Olson, and Vice President of Customer Support, James Carnall

It’s 2018 and threat actors continue to leverage the same tactics – phishing, ransomware, botnets, etc. – against their targets. They’ve using the same techniques for years, yet it’s still working. Do we sound like a broken record yet?

With October being National Cyber Security Awareness Month, it’s an ideal time to re-evaluate the cyber threat landscape and your cybersecurity hygiene. Topics like fake news, privacy, and the Internet of Things are “hot” topics in mainstream culture, and you need to know their impacts on your organization.

Join LookingGlass’ Senior Vice President of Product, Eric Olson, and Vice President of Customer Support, James Carnall, in a lively discussion about the hottest cybersecurity topics and what your organization can do to protect itself against them. Wednesday, October 24 @ 2PM ET.

This webinar will also cover:
· Business Email Compromise (BEC)
· Single Sign-On and Password Managers
· Information Warfare
· Third Party Risk

It’s 2018 – why are we still manually blocking firewall ports, manually ingesting threat feeds, and manually implementing blocks from well-known, trusted sources? Automation and integration allows security professionals to keep up with the pace of today’s threat landscape. The two go hand in hand but are they right for every organization?

This webcast explores the pros and cons of automation and integration, focusing on what an organization needs to consider before implementing such an approach. Most important, the webcast and associated white paper will help answer these key questions:

What would it take to manually do what automation does?
How can I protect my assets?
How do I get actionable threat intelligence?

Traditional cybersecurity leads with a “block & tackle” strategy. But as threats become more complex, targeted, and sophisticated, security operations centers (SOC) require a better understanding of how threats beyond the perimeter interact with their network. Join IDC special guest, Research Director Chris Kissel and LookingGlass Product Manager Brandon Dobrec in a discussion on modern-day SOC needs for a threat platform that marries automated intelligence tradecraft with the human element.

Michael Suby, VP of Research at Frost & Sullivan, and James Carnall, VP of Customer Support Group at LookingGlass

In the highly dynamic online landscape of misinformation, fake news, gossip, and the trading of absconded data, organizations must expand their cybersecurity arsenals in protecting their brands, personnel, facilities, and sensitive information. They must take into account what exists outside the perimeter in the greater cyber ecosystem: the surface, dark, and deep web. Locating and assessing these threats, however, is a challenge for even experienced threat hunters. The tools and techniques are non-standard. You should ask yourself, “Is my security team ready to tackle what lies beyond the perimeter?” If not, let us shed light on this topic. Register for LookingGlass' "Threats Beyond the Perimeter" webinar on Tuesday, July 17 @ 2 pm ET to hear Michael Suby, VP of Research at Frost & Sullivan and James Carnall, VP of Customer Support Group at LookingGlass discuss how these scenarios may affect your brand, employees, and facilities.

Cyber threat intelligence – when properly gathered, refined, and applied – can help organizations identify business risks and target both protections and mitigations. But what distinguishes high-quality and actionable threat intelligence from low-quality security "noise"? How are cutting edge CISOs and IT security teams applying threat intelligence to respond to incidents and slam shut windows of compromise?

Find out in this webinar moderated by Paul Roberts, the Editor in Chief at The Security Ledger. Paul will be joined by LookingGlass’ Brandon Dobrec, and counter threat intelligence & vulnerability research expert Chris Roberts. Together they will review the value of threat intelligence to organizations, discuss how cutting edge firms are using threat intelligence to their advantage, and review how to orchestrate threat intelligence to automate mitigation and combat third party risk.

Hundreds of thousands of fans and their personal devices. Increased political tension. International boycotts. What is at stake at the 2018 FIFA World Cup? This webinar will examine the cyber and physical risks surrounding this year’s upcoming World Cup in Russia including the likelihood of a large-scale cyber attack and a simulation of how a possible attack might play out – how it could be launched and the steps to taken to ameliorate the effects.

Join LookingGlass’ Sr. Director of Investigation, Olga Polishchuk, and special guest speaker Rob DuBois of Impact Actual on Wednesday, June 6 @ 9am ET/ 2pm GMT as they explore elevated threats that may play out during one of the world’s largest and most treasured sporting events. Register now!

Vice President of Customer Support James Carnall and Vice President of Intelligence Operations Eric Olson

Phishing, ransomware, and data breaches plague organizations of all sizes and industries, but the financial services market has always had the largest target on its back. As a mid-market financial organization, how do you fend off these attacks when you don’t have the budget for everything you need: data feeds, tools, analysis and mitigation?

The answer: “Threat Intelligence-as-a-service.” This, robust, cost-effective option, brings together dozens of structured threat intelligence feeds, online monitoring of social media and the dark web, and round-the-clock human review to give you vetted, relevant intelligence specific to your organization. Even better, there is no hardware or software to install, this is a completely managed service that can be up and running in hours or days. It finally puts “big bank” threat intelligence capabilities within the reach of smaller organizations.

Join LookingGlass’ Vice President of Customer Support James Carnall and Vice President of Intelligence Operations Eric Olson on Wednesday, March 21 @ 2pm ET as they discuss how threat intelligence can be affordable for mid-market organizations with LookingGlass’ Information Security-as-a-Service package, a new offering tailor made for your organization’s cybersecurity needs.

Threats in today’s cyber landscape are becoming increasingly sophisticated. To successfully fend off attacks, organizations need security tools that work effectively and efficiently across vendors; however, it is not uncommon for one vendor’s products to not work with others, despite claiming support for standards. In this webinar, we will introduce some of the key challenges a heterogeneous integrated security environment must solve and how STIX/TAXII2 standards-based technologies support solving those challenges in a new and effective manner.

Olga Polishchuk, Senior Director of Investigation and Jonathan Tomek, Senior Director of Research

Our webinar with LookingGlass’ Senior Directors of Intelligence, Olga Polishchuk and Jonathan Tomek will explore how you and your security team can benefit from finished intelligence, including insights into key topics like policy, high-profile events, and threat trends. Whether you need to know more about international business law or want to a specific threat actor’s profile, having strategic intelligence at your fingertips can help keep your organization safe from cyber and physical threats.

“I have to prepare a report for our senior management, but don’t have the necessary intel.”
“We have an international event happening in our city. Having strategic intelligence will help our security team be prepared.”
“If my team had access to finished intelligence, they would be better able to predict lateral movements by adversaries.”

Join us on February 21 @ 2PM ET to learn how you can enable your security team to make better tactical and business decisions.

Eric Olson, VP of Intelligence Operations, and James Carnall, VP of Customer Support

2017 was filled with cybersecurity meltdowns. From WannaCry to BadRabbit, the cybersecurity landscape has only become more volatile. With cyber threats on the rise, is your organization’s security posture ready for 2018?

Join LookingGlass’ Vice President of Customer Support, James Carnall and Vice President of Intelligence Operations, Eric Olson as they take a closer look at 2017’s major cyber-related incidents and provide tips and recommendations on how your organization can prepare for 2018. Webinar attendees will learn:

· Major cybersecurity trends from the past year
· Cybersecurity tactics that worked – and didn’t work – in 2017
· How to take a proactive cybersecurity approach to fending off cyber threats

Security organizations face numerous challenges, from increasingly large volumes of data and lack of tools and trained staff, to validate intelligence to the inability to operationalize threat intelligence. What’s required is a solution that addresses their business needs at every stage of the business cycle.

In this webinar, Intellyx’s Principal Analyst Charles Araujo and LookingGlass’ Senior Vice President of Threat Intelligence Services Doug Dangremond will discuss the benefits of the threat intelligence-as-a-service (TIaaS) model and how it can strengthen and complement security postures of varying maturity levels, including:

- I just started my security program and have immediate needs that need to be dealt with right now
- I’ve grown my team but I need to take it to the next level
- I have a specific occurrence that needs to be dealt with
- I don’t have CapEx, and need to determine what to do in advance of building a team

By now, the majority of us have likely been inundated with stories about third party data breaches and how one vendor’s vulnerability can cost your organization millions. But how do you know if you’re doing enough to stop third party risk?

As we enter 2018, new U.S. and European cyber regulations are going into effect, and organizations can no longer check the box when it comes to their vendors’ cybersecurity. You are not only liable for knowing where you are most at-risk, but now you must also understand how that risk affects your organization and identify a solution for mitigating that risk.

This webinar features guest speaker Nick Hayes, Senior Analyst at Forrester and LookingGlass VP of Intelligence Operations Eric Olson. They will delve into the third party risk landscape: our current state of affairs, and where the industry is moving, as well as how you can take a different approach to third party risk prevention, including:
• How to see where your vendors are already compromised
• The importance of actionable intelligence for real-time mitigation
• Why a continuous monitoring solution is the future of third party risk

This series describes a comprehensive “business technical approach” to the justification, definition, design and execution of Threat Intelligence Programs.

What do we mean by “business technical approach’ to Threat Intelligence?

Much in the industry is focused solely on one technical aspect or another of threat intelligence data that indicates information about a specific malware family, a set of indicators that can be used to block malicious sites, campaign information that highlights a threat actors profile, their tactic, techniques and procedures. But much of the technically focused content do not discuss how organizations can gather or construct that information themselves, and even more so, how an organization would organize themselves to respond to such data. Much of the output of the industry is providing the fish to organizations rather than teaching the organizations how to fish themselves.

A ‘business technical approach’ is one where we define an approach focused on the business needs, the organization personnel, organizational roles & responsibilities, team structure and those elements’ interaction with technology to address the challenge of successful threat intelligence operations. Our goal is to help organizations build effective Threat Intelligence programs.

With Part 2, we introduced the overall vision of a successful TI Program. In this webinar, we dig into the key elements of the TI program with concrete examples, and key components of the program that must exist including the right team, process, tools, metrics and connections.

This series describes a comprehensive “business technical approach” to the justification, definition, design and execution of Threat Intelligence Programs.

What do we mean by “business technical approach’ to Threat Intelligence?

Much in the industry is focused solely on one technical aspect or another of threat intelligence data that indicates information about a specific malware family, a set of indicators that can be used to block malicious sites, campaign information that highlights a threat actors profile, their tactic, techniques and procedures. But much of the technically focused content do not discuss how organizations can gather or construct that information themselves, and even more so, how an organization would organize themselves to respond to such data. Much of the output of the industry is providing the fish to organizations rather than teaching the organizations how to fish themselves.

A ‘business technical approach’ is one where we define an approach focused on the business needs, the organization personnel, organizational roles & responsibilities, team structure and those elements’ interaction with technology to address the challenge of successful threat intelligence operations. Our goal is to help organizations build effective Threat Intelligence programs.

In Part 1 of the CSO Series we introduced the key business and technical requirements of TI programs. In Part 2 webinar we will examine some important definitions to consider in TI and how to start building the program based on the requirements identified in Part 1 of the series. We will introduce to the audience the overall vision of the TI program execution, doing gap analysis on existing security programs and identifying where the TI program can complement and enhance existing investments.

This series describes a comprehensive “business technical approach” to the justification, definition, design and execution of Threat Intelligence Programs.

Much in the industry is focused solely on one technical aspect or another of threat intelligence data that indicates information about a specific malware family, a set of indicators that can be used to block malicious sites, campaign information that highlights a threat actors profile, their tactic, techniques and procedures. But much of the technically focused content do not discuss how organizations can gather or construct that information themselves, and even more so, how an organization would organize themselves to respond to such data. Much of the output of the industry is providing the fish to organizations rather than teaching the organizations how to fish themselves.

A ‘business technical approach’ is one where we define an approach focused on the business needs, the organization personnel, organizational roles & responsibilities, team structure and those elements’ interaction with technology to address the challenge of successful threat intelligence operations.

In Part 1 we will examine what drives CISOs and organizations to consider adoption of a threat intelligence practice. CISO’s are focused on Risk reduction to their organizations but may not have a fully defined set of requirements on who, how, where Threat Intelligence can assist in that high-level goal. They may require a solid business case to justify the investment and have a supporting set of well-defined business and technical requirements. Some key questions help formulate the executive’s plan.
-What are the costs of solving these requirements?
-How can my organization’s revenue be protected while investing in TI?
-What is the right balance of both tactical and strategic Threat Intelligence-driven responses?
-Where can existing investments be leveraged?

Ransomware, spear phishing and third party breaches have become a huge problem as organizations become more connected online and expand their cyber footprint. When even the largest and most
sophisticated global organizations, government agencies, and multinational banks are routinely penetrated and taken offline by cyber criminals, how can a concerned enterprise quickly and cost-effectively evaluate their own risk?

During this webinar, Vice President of Intelligence Operations, Eric Olson, and VP of Cyber Security Center, James Carnall, will discuss how organizations can evaluate their internal and third party cyber risk to:

The current number of active cyber threats is astounding. Do you know which threats are targeting you right now and which threats are likely to cause greatest harm to your company?

This session examines how correlating network flow data with cyber threat information during incident response provides knowledge of not only what threats are active or targeting you, but which of your assets are being targeted before or during an incident. We examine the many data types used in commonly-shared indicators of compromise and explore which provide for automating correlation with network flow data. The pros and cons of common correlation algorithms are discussed with a focus towards their contributions and limitations to enhancing threat intelligence efforts. Proper network flow correlation should provide a foundation for performing risk-based mitigation that identifies the threats that are creating the greatest loss of value for your organization rather than chasing down the threats deemed most harmful by the industry.

By addressing risks across structured Indicators of
Compromise (IoCs), unstructured
and open source data (OSINT), internal network telemetry, and network threat mitigation, customers gain unprecedented understanding into threats that may impact their business including cyber, physical assets, and third party partners.

Prioritized, relevant and timely insights enable customers to operationalize threat intelligence in an effective and efficient way throughout the threat lifecycle.